Lucene search
+L

31 matches found

CVE
CVE
added 2026/07/10 5:10 p.m.11 views

CVE-2026-57475

Deloitte AI Assist for Customer had an unauthenticated POST vulnerability on public API endpoints that allowed a remote attacker to perform limited additions to the configuration. These changes were not used by the system. On 2026-03-25, access was restricted and authentication enforced for the e...

6.9CVSS6.2AI score0.00343EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:41 p.m.38 views

CVE-2026-12104 Authenticated OS Command Injection in Bondix

OS command injection in the environment and tunnel configuration functionality in SIMA GmbH Bondix through version 1.25.7.5 on Linux allows an authenticated attacker with configuration write access to execute arbitrary operating-system commands via crafted configuration values passed to server-si...

8.6CVSS0.01098EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:41 p.m.36 views

CVE-2026-12104

Bondix by SIMA GmbH (Linux) up to version 1.25.7.5 is affected by an authenticated OS command injection in environment and tunnel configuration handling. An attacker with configuration write access can pass crafted values to server-side scripts to execute arbitrary OS commands. The vulnerability ...

8.6CVSS6.2AI score0.01098EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : GitPython vulnerabilities (USN-8303-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8303-1 advisory. Santos Gallegos discovered that GitPython did not properly validate paths when...

9.8CVSS6.1AI score0.01012EPSS
Exploits5References6
Cvelist
Cvelist
added 2026/05/26 4:56 p.m.39 views

CVE-2026-8856 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

7.7CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 4:56 p.m.13 views

CVE-2026-8856 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

7.7CVSS5.8AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 4:56 p.m.24 views

CVE-2026-8856

IBM HTTP Server 8.5 and 9.0 are affected by CVE-2026-8856, a denial-of-service condition triggered when an attacker with write access to parts of the server configuration can consume resources. The IBM Security Bulletin lists this CVE among multiple vulnerabilities in IBM HTTP Server (bundled wit...

9.1CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 4:30 p.m.6 views

CVE-2026-44774 Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

6.4CVSS5.8AI score0.00468EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.32 views

Traefik 访问控制错误漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained a access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 6:21 p.m.32 views

CVE-2026-45147

SiYuan before 3.7.0 is vulnerable: POST /api/tag/getTag is registered with model.CheckAuth only, omitting CheckAdminRole and CheckReadonly, allowing any authenticated user to pass a sort parameter that mutates Conf.Tag.Sort and triggers model.Conf.Save(), which rewrites the entire workspace conf....

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:21 p.m.3 views

CVE-2026-45147 SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any...

4.3CVSS6AI score0.00152EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 3:38 p.m.18 views

EUVD-2026-28367

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

5.9AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.32 views

CVE-2026-30496

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration 74 endpoints and writing/modifying settings including volume, mute,...

0.00326EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 3:18 p.m.7 views

EUVD-2026-23992

Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values...

6.3CVSS5.8AI score0.00212EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 11:17 a.m.4 views

CVE-2026-32976

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

7.1CVSS6AI score0.00194EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 10:16 p.m.14 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

9.8CVSS0.00439EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.5 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

8.3CVSS6.1AI score0.00439EPSS
Exploits0References5
CVE
CVE
added 2026/03/05 9:59 p.m.24 views

CVE-2026-28393

OpenClaw 2.0.0-beta3 through 2026.2.13 contains a path-traversal vulnerability in the hook transform module loading (hooks.mappings[].transform.module) that allows loading and executing arbitrary JavaScript with gateway process privileges when an attacker can modify configuration. The issue arise...

9.8CVSS6.1AI score0.00439EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/06/02 12:41 p.m.4 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the function saveConfigFile in the file HealthUtils.java, where a failed configuration file write triggers. An attacker can gain unauthorized access to system credentials by accessing...

6.9CVSS6.7AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2025/05/30 8:1 p.m.1 views

GHSA-V75G-77VF-6JJQ Para Server Logs Sensitive Information

CWE ID: CWE-532 Insertion of Sensitive Information into Log File CVSS: 7.5 High Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Component: Para Server Initialization Logging Version: Para v1.50.6 File Path:...

6.2CVSS5.9AI score0.00145EPSS
Exploits0References4
Rows per page
Query Builder